Hehe, well said dude. I bet hytech felt proud of himself up until this point.
Hytech, the touch is not a WAP.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
**huge Security Risk** Unix Newbs Read Now!
- Thread starter hytech dot org
- Start date
- Sort by reaction score
Hehe, well said dude. I bet hytech felt proud of himself up until this point.
Hytech, the touch is not a WAP.
Well if you were at starbucks and had your ipod out and saw somebody else on their ipod, you could scan the starbucks subnet (probably 192.168.1.*, don't know for sure -- I've never used starbucks wifi) and quickly find their ipod...very few laptops/devices have an SSH daemon so you'd know when you found their IP address.
You could steal photos off their ipod, which to me seems like the biggest threat. But also anybody who has jailbroken their iphone might have extra personal information on their that normal iPTs don't have. (Credit cards, passwords, etc.)
I think the OP's advice is really good...everybody should definitely change their password immediately after the jailbreak.
Edit: It would be sweet if we could get nmap on the iPT...
umm, i can sit at a place with local wifi, sniff traffic, and pwn iPt/iphones.
and yes, you better believe i changed the password to mine.
Changed...Thanks for the heads-up...I jailbroke a touch today as security experiment following guides and instructions on this forum. I just want to let you all know that there is a pretty big omission i have seen from all these tutorials.
They fail to have you change the root password after everything is done.
For those who do not understand the implications to this, you must really do the following.
1) SSH into your Touch
2) Login as root using default password alpine
3) Once you are in the prompt, type the following command: passwd
4) Follow instructions to complete password change.
Here's the deal: If you don't change this, I can SSH into your iphone using the default alpine password - and then play god.
If you know what's good for you, you'll change it.
I am lost. I am using WinSCP. Log in to the touch with default password then what. Open Terminal, open command line??
any help would be great. I already installed the BSD app on the touch
any help would be great. I already installed the BSD app on the touch
you have to acces the Touch via Terminal (Utilities) on your Mac
I'm not sure if need to have OpenSSH installed on the Touch. It can be found in Installer.app.
in Terminal type
1) ssh -l root xxx.xxx.x.x
xxx.xxx.x.x = your Touch IP adress
-l = lower case L (LIMA)
2) enter password = old password = alpine
3) type passwd
4) type in new password (you won't see it on your screen)
5 retype new password
done!
I'm not sure if need to have OpenSSH installed on the Touch. It can be found in Installer.app.
in Terminal type
1) ssh -l root xxx.xxx.x.x
xxx.xxx.x.x = your Touch IP adress
-l = lower case L (LIMA)
2) enter password = old password = alpine
3) type passwd
4) type in new password (you won't see it on your screen)
5 retype new password
done!
I have to agree with everyone that the likelihood of someone being interested in the root folder on my iPod touch, when there is SUCH fertile ground with all the unprotected laptops everywhere is miniscule to none.
I am fine.
As far as uninstalling the BSD Subsystem, you don't. The only way to reclaim that 6.6meg of valuable application real estate is to restore your iPod and start all over again - this time not worrying about whether someone's gonna mess with your touch over a network. If they do, you simply restore. It's that easy.
I am fine.
As far as uninstalling the BSD Subsystem, you don't. The only way to reclaim that 6.6meg of valuable application real estate is to restore your iPod and start all over again - this time not worrying about whether someone's gonna mess with your touch over a network. If they do, you simply restore. It's that easy.
Rather than changing the password, couldn't you instead just turn off SSH whenever you aren't on a secure network?
I'm not saying this is better than changing the password, but I would assume that nobody could hack into your Ipod if SSH is turned off. Thanks.
I'm not saying this is better than changing the password, but I would assume that nobody could hack into your Ipod if SSH is turned off. Thanks.
Just turn SSH off
For people who are worried about this issue all they have to do is make sure they have the SSH app on their touch, and turn it off. That way no-one can log onto touch to do anything even if by chance they did happen to be on the same network and knew your exact IP address. It's a much easier and neater solution than messing with command line functions.
Cheers!
For people who are worried about this issue all they have to do is make sure they have the SSH app on their touch, and turn it off. That way no-one can log onto touch to do anything even if by chance they did happen to be on the same network and knew your exact IP address. It's a much easier and neater solution than messing with command line functions.
Cheers!
Right, and then you just turn it back on for the 10 mins or so that you want to SFTP to it when you are on a secure network.
That is what I am going to do. Turn in on, do my stuff when I'm on my encrypted network, switch SSH back to off. Then I never have to worry about somebody hacking into my Ipod. They would first have to hack into my network which I think is much more unlikely.